Eric Dumazet wrote:
: > There probably can be some other iptables commands running
: > occasionally (automatic blacklisting of some IP addresses, enabling
: > traffic to authenticated laptops, etc.), but not in the chains I am
: > trying to modify with my firewall initscript. Can this also be a problem?
:
: Yes it is a problem. iptables manipulates the whole table, not a
: subtree.

So do you suggest I should implement some kind of user-space locking,
or is the current approach of "retry after 1 sec when it fails" OK
from the kernel point of view?

Thanks,

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
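
The user-space locking asked about in the message above, as an added example that is not part of the original mail or of iptables itself: a wrapper that runs every ruleset change under one exclusive lock. It assumes `flock(1)` from util-linux; the lock path, the variable names and both function names are hypothetical, and `table_append` is a constructed stand-in for a whole-table read and write-back so the effect can be seen without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes flock(1) from util-linux.
# XT_LOCKFILE, XT_LOCK_TIMEOUT and both function names are hypothetical.

XT_LOCKFILE="${XT_LOCKFILE:-/var/lock/firewall-ruleset.lock}"
XT_LOCK_TIMEOUT="${XT_LOCK_TIMEOUT:-10}"    # seconds to wait for the lock

# with_ruleset_lock CMD [ARGS...]
# Run CMD while holding an exclusive lock on $XT_LOCKFILE.
# Returns CMD's exit status, or 75 if the lock was not obtained in time.
with_ruleset_lock() {
    (
        # fd 9 is opened on the lock file by the redirection below; the
        # lock is dropped automatically when this subshell exits.
        flock -x -w "$XT_LOCK_TIMEOUT" 9 || exit 75
        "$@"
    ) 9>>"$XT_LOCKFILE"
}

# table_append FILE RULE
# Constructed stand-in for a whole-table update: read the complete table,
# pause, then write the complete table back with one rule added. Two
# unserialised callers would each write back a stale copy and lose a rule.
table_append() {
    table_file=$1
    new_rule=$2
    snapshot=$(cat "$table_file")
    sleep 1                                  # widen the race window
    {
        if [ -n "$snapshot" ]; then printf '%s\n' "$snapshot"; fi
        printf '%s\n' "$new_rule"
    } > "$table_file"
}

# Intended use in an initscript or helper (needs root, so commented out):
#   with_ruleset_lock iptables -A INPUT -s 192.0.2.10 -j DROP
```

The lock only protects the table if every script that modifies it, including the occasional blacklisting and laptop-authentication helpers, goes through the same wrapper and lock file.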